undefined | Better HN

0 pointsromanhn3y ago0 comments

I believe you still need a bastion host to query a database, for instance, unless you want to set up SSM on existing hosts - my current project is fully serverless, so I had to set up an EC2 instance to serve as the bastion. The beauty of SSM is that the host can be fully on a private subnet, not exposed to the wider internet as commonly suggested.

0 comments

threeseed3y ago

You can setup a Tailscale traffic relay node which allows you to access any services within the defined subnets.

https://tailscale.com/kb/1019/subnets/

So that way you can query that database directly and not using any SSH tunnels.

berkle44553y ago

Yeah, if you’re using managed services within AWS you need a relay host. It doesn’t need to punch a hole to the outside world (like a bastion host) but it still needs some manner to allow tailscale (an ec2 box) to route to those services.

SSM is a cleaner choice on AWS.

j / k navigate · click thread line to collapse